SLIDE 1

Toward a Theory of Contexts of Assumptions in Logical Frameworks

Amy Felty

University of Ottawa
Inria Sophia Antipolis Méditerranée
TYPES Meeting, May 12, 2014
Joint work with Alberto Momigliano and Brigitte Pientka


SLIDE 2

Motivation: Comparing Systems

We focus on logical frameworks that support the use of higher-order abstract syntax.

◮ Commonalities:
  ⋆ encode object-level binders with meta-level binders
  ⋆ support for alpha-renaming and substitution
  ⋆ encode axioms and inference rules using hypothetical and parametric judgments

◮ Differences:
  ⋆ how a system supports reasoning about hypothetical and parametric derivations, which requires support for contexts to keep track of hypotheses
  ⋆ other features...

SLIDE 3

Comparing Systems (continued)

Case studies we consider are in the domain of meta-theory of programming languages. Systems we have studied include:

◮ based on type theory: Twelf, Beluga
◮ based on proof theory: Abella, Hybrid

We are also designing an Open challenge problem Repository for systems supporting reasoning with BInders (ORBI), for sharing HOAS benchmark problems. (Can be thought of as an intermediate language between OTT and TPTP.) We want to relate one framework to another with the aim of transferring theorems and proofs (some similar goals to the ProofCert project).


SLIDE 4

Outline

1. Motivating Examples
2. Contexts as Structured Sequences
3. Structural Rules
4. Reasoning with Contexts: Generalized Contexts vs. Context Relations
5. Current and Future Work

SLIDE 5

A First Example: Polymorphic λ-Calculus

Grammar: Types and Terms (does not enforce scope)

$$\begin{array}{lrcl}
\text{Types} & A, B & ::= & \alpha \mid \mathsf{arr}\;A\;B \mid \mathsf{all}\;\alpha.\,A \\
\text{Terms} & M, N & ::= & x \mid \mathsf{lam}\;x.\,M \mid \mathsf{app}\;M\;N \mid \mathsf{tlam}\;\alpha.\,M \mid \mathsf{tapp}\;M\;A
\end{array}$$

Alternative: Well-Formed Terms, Martin-Löf Style (enforces scope)

$$\frac{\begin{array}{c}\overline{\mathsf{is\_tm}\;x}^{\,\mathit{tmv}} \\ \vdots \\ \mathsf{is\_tm}\;M\end{array}}{\mathsf{is\_tm}\;(\mathsf{lam}\;x.\,M)}\;\mathit{tml}^{x,\mathit{tmv}}
\qquad
\frac{\begin{array}{c}\overline{\mathsf{is\_tp}\;\alpha}^{\,\mathit{tpv}} \\ \vdots \\ \mathsf{is\_tm}\;M\end{array}}{\mathsf{is\_tm}\;(\mathsf{tlam}\;\alpha.\,M)}\;\mathit{tmtl}^{\alpha,\mathit{tpv}}$$

$$\frac{\mathsf{is\_tm}\;M_1 \qquad \mathsf{is\_tm}\;M_2}{\mathsf{is\_tm}\;(\mathsf{app}\;M_1\;M_2)}\;\mathit{tma}
\qquad
\frac{\mathsf{is\_tm}\;M \qquad \mathsf{is\_tp}\;A}{\mathsf{is\_tm}\;(\mathsf{tapp}\;M\;A)}\;\mathit{tmta}$$

SLIDE 6

A Second Example (with Implicit Contexts)

Rules for “algorithmic” equality for the untyped λ-calculus:

$$\frac{\begin{array}{c}\overline{\mathsf{is\_tm}\;x \qquad \mathsf{aeq}\;x\;x}^{\,\mathit{aev}} \\ \vdots \\ \mathsf{aeq}\;M\;N\end{array}}{\mathsf{aeq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N)}\;\mathit{ael}^{x,\mathit{aev}}
\qquad
\frac{\mathsf{aeq}\;M_1\;N_1 \qquad \mathsf{aeq}\;M_2\;N_2}{\mathsf{aeq}\;(\mathsf{app}\;M_1\;M_2)\;(\mathsf{app}\;N_1\;N_2)}\;\mathit{aea}$$

+ Context-free representation scales from grammars to judgments
− Can we tell open vs. closed objects apart?
− Meta-reasoning about such judgments requires explicit structured contexts.
− Explicit structural properties of assumptions are also important.

SLIDE 7

Explicit Contexts

Examples of contexts occurring in the above examples:

$$\begin{array}{ll}
\text{Type Context} & \Gamma ::= \cdot \mid \Gamma, \mathsf{is\_tp}\;\alpha \\
\text{Term/Type Context} & \Gamma ::= \cdot \mid \Gamma, \mathsf{is\_tp}\;\alpha \mid \Gamma, \mathsf{is\_tm}\;x \\
\text{Equality Context} & \Gamma ::= \cdot \mid \Gamma, \mathsf{is\_tm}\;x, \mathsf{aeq}\;x\;x
\end{array}$$

In the latter, note that we are introducing the variable x together with the assumption aeq x x.

Issue: the use of ',' is ambiguous. Our view: contexts are structured sequences. We use ';' to separate atoms inside a “block.”

$$\text{Equality Context}\qquad \Gamma ::= \cdot \mid \Gamma, \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x$$

SLIDE 8

Contexts as Structured Sequences

A context is a sequence of declarations D, where a declaration is a block of individual atomic assumptions separated by ';', which binds tighter than ','.

$$\begin{array}{lrcl}
\text{Atom} & A \\
\text{Block of declaration} & D & ::= & A \mid D; A \\
\text{Context} & \Gamma & ::= & \cdot \mid \Gamma, D \\
\text{Schema} & S & ::= & D_S \mid D_S \;||||\; S
\end{array}$$

A schema classifies a context, where '||||' describes alternatives.

$$\begin{array}{lcl}
S_{\alpha x} & ::= & \mathsf{is\_tp}\;\alpha \;||||\; \mathsf{is\_tm}\;x \\
S_{xa} & ::= & \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x
\end{array}$$

There are typing rules relating contexts and schemas (not shown here). Convention: $\Phi_{\alpha x}$ describes a context with schema $S_{\alpha x}$.

SLIDE 9

Polymorphic λCalculus Revisited (with Explicit Contexts)

$$\frac{\mathsf{is\_tm}\;x \in \Phi_{\alpha x}}{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;x}\;\mathit{tmv}
\qquad
\frac{\Phi_{\alpha x}, \mathsf{is\_tm}\;x \vdash \mathsf{is\_tm}\;M}{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;(\mathsf{lam}\;x.\,M)}\;\mathit{tml}
\qquad
\frac{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;M_1 \qquad \Phi_{\alpha x} \vdash \mathsf{is\_tm}\;M_2}{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;(\mathsf{app}\;M_1\;M_2)}\;\mathit{tma}$$

$$\frac{\Phi_{\alpha x}, \mathsf{is\_tp}\;\alpha \vdash \mathsf{is\_tm}\;M}{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;(\mathsf{tlam}\;\alpha.\,M)}\;\mathit{tmtl}
\qquad
\frac{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;M \qquad \Phi_{\alpha x} \vdash \mathsf{is\_tp}\;A}{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;(\mathsf{tapp}\;M\;A)}\;\mathit{tmta}$$

SLIDE 10

Structural Rules

More fine-grained view of structural rules, which can be applied inside a block or to a whole context. Slightly unusual presentation of rules, based on operations on declarations:

◮ Let $\mathit{rm}_A : S \to S'$ be a total function taking $D \in S$ and returning $D' \in S'$, where $D'$ is $D$ with $A$ removed if $A \in D$; otherwise $D' = D$.
◮ Let $\mathit{perm}_\pi : S \to S'$ be a total function which permutes the elements of $D \in S$ according to $\pi$ to obtain $D' \in S'$.

SLIDE 11

Example Operations on Declarations

$$\begin{array}{lcl}
S_{\alpha x} & ::= & \mathsf{is\_tp}\;\alpha \;||||\; \mathsf{is\_tm}\;x \\
S_{xa} & ::= & \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x \\
S_{\alpha} & ::= & \mathsf{is\_tp}\;\alpha \\
S_{x} & ::= & \mathsf{is\_tm}\;x
\end{array}$$

$$\begin{array}{lcl}
\mathit{rm}_{\mathsf{aeq}\;x\;x} : S_{xa} \to S_x & = & \lambda d.\ \mathbf{case}\ d\ \mathbf{of}\ \mathsf{is\_tm}\;y;\, \mathsf{aeq}\;y\;y \to \mathsf{is\_tm}\;y \\[4pt]
\mathit{rm}_{\mathsf{is\_tm}\;x} : S_{\alpha x} \to S_{\alpha} & = & \lambda d.\ \mathbf{case}\ d\ \mathbf{of}\ \begin{array}[t]{l} \mid \mathsf{is\_tp}\;\alpha \to \mathsf{is\_tp}\;\alpha \\ \mid \mathsf{is\_tm}\;y \to \cdot \end{array}
\end{array}$$

(Note that the latter “removes” whole declarations.)

SLIDE 12

Structural Properties of Declarations

Declaration Weakening:
$$\frac{\Gamma, \mathit{rm}_A(D), \Gamma' \vdash J}{\Gamma, D, \Gamma' \vdash J}\;\mathit{d\text{-}wk}$$

Declaration Strengthening:
$$\frac{\Gamma, D, \Gamma' \vdash J}{\Gamma, \mathit{rm}_A(D), \Gamma' \vdash J}\;\mathit{d\text{-}str}\,(\dagger)$$
with the proviso (†) that A is irrelevant to J (e.g., subordination).

Declaration Exchange:
$$\frac{\Gamma, D, \Gamma' \vdash J}{\Gamma, \mathit{perm}_\pi(D), \Gamma' \vdash J}\;\mathit{d\text{-}exc}$$

SLIDE 13

Structural Properties of Contexts

We extend those operations to act on contexts ($\mathit{rm}^*_A$, $\mathit{perm}^*_\pi$), applying them to every declaration of the context:

Context Weakening:
$$\frac{\mathit{rm}^*_A(\Gamma) \vdash J}{\Gamma \vdash J}\;\mathit{c\text{-}wk}$$

Context Strengthening:
$$\frac{\Gamma \vdash J}{\mathit{rm}^*_A(\Gamma) \vdash J}\;\mathit{c\text{-}str}\,(\dagger)$$

Context Exchange:
$$\frac{\Gamma \vdash J}{\mathit{perm}^*_\pi(\Gamma) \vdash J}\;\mathit{c\text{-}exc}$$

SLIDE 14

Example Revisited

Recall:

$$S_{\alpha x} ::= \mathsf{is\_tp}\;\alpha \;||||\; \mathsf{is\_tm}\;x \qquad S_{\alpha} ::= \mathsf{is\_tp}\;\alpha \qquad \mathit{rm}_{\mathsf{is\_tm}\;x} : S_{\alpha x} \to S_{\alpha}$$

For the rule for well-formed type application, we wrote:

$$\frac{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;M \qquad \Phi_{\alpha x} \vdash \mathsf{is\_tp}\;A}{\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;(\mathsf{tapp}\;M\;A)}\;\mathit{tmta}$$

Note that we also know

$$\mathit{rm}^*_{\mathsf{is\_tm}\;x}(\Phi_{\alpha x}) \vdash \mathsf{is\_tp}\;A$$

Furthermore, we really have the following rule, where Γ is any context that can be strengthened to a context satisfying schema $S_{\alpha x}$ (and then further strengthened in the right premise).

$$\frac{\Gamma \vdash \mathsf{is\_tm}\;M \qquad \Gamma \vdash \mathsf{is\_tp}\;A}{\Gamma \vdash \mathsf{is\_tm}\;(\mathsf{tapp}\;M\;A)}\;\mathit{tmta}$$
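The following Python program is an added worked example, not code from the talk or the paper: it encodes the grammar of slide 5 as plain data (so open terms are perfectly good data) and then implements the explicit-context judgments $\Phi_{\alpha x} \vdash \mathsf{is\_tm}\;M$ of slide 9, which is what actually enforces scope. A context is a tuple of one-atom declarations of schema $S_{\alpha x}$. The `tapp` case checks its right premise in the strengthened context $\mathit{rm}^*_{\mathsf{is\_tm}\;x}(\Phi_{\alpha x})$, as observed on slide 14. The slides only show the variable rule `tpv` for `is_tp`; the `arr` and `all` cases, the class names and the sample terms are assumptions of this example.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Union

# Grammar of slide 5 as data. Nothing here stops a free variable: scope is
# only enforced by the judgments further down (assumed class names).
@dataclass(frozen=True)
class TVar:            # α
    name: str
@dataclass(frozen=True)
class Arr:             # arr A B
    dom: Type
    cod: Type
@dataclass(frozen=True)
class All:             # all α. A
    alpha: str
    body: Type
Type = Union[TVar, Arr, All]

@dataclass(frozen=True)
class Var:             # x
    name: str
@dataclass(frozen=True)
class Lam:             # lam x. M
    x: str
    body: Term
@dataclass(frozen=True)
class App:             # app M N
    fn: Term
    arg: Term
@dataclass(frozen=True)
class TLam:            # tlam α. M
    alpha: str
    body: Term
@dataclass(frozen=True)
class TApp:            # tapp M A
    fn: Term
    ty: Type
Term = Union[Var, Lam, App, TLam, TApp]

# Φαx: a tuple of declarations, each ("is_tp", α) or ("is_tm", x) (schema Sαx).
Ctx = tuple

def in_schema_ax(ctx: Ctx) -> bool:
    """Every declaration is one of the two alternatives of Sαx."""
    return all(len(d) == 2 and d[0] in ("is_tp", "is_tm") for d in ctx)

def rm_is_tm(ctx: Ctx) -> Ctx:
    """rm*_{is_tm x}: strengthen a Φαx context to a Φα context (slides 11, 14).
    A declaration that becomes '·' is dropped, i.e. whole declarations go."""
    return tuple(d for d in ctx if d[0] != "is_tm")

def is_tp(ctx: Ctx, A: Type) -> bool:
    """Φα ⊢ is_tp A. Only tpv is on the slides; arr/all are assumed by analogy."""
    if isinstance(A, TVar):
        return ("is_tp", A.name) in ctx                      # tpv
    if isinstance(A, Arr):
        return is_tp(ctx, A.dom) and is_tp(ctx, A.cod)       # assumed
    if isinstance(A, All):
        return is_tp(ctx + (("is_tp", A.alpha),), A.body)    # assumed
    raise TypeError(f"not a type: {A!r}")

def is_tm(ctx: Ctx, M: Term) -> bool:
    """Φαx ⊢ is_tm M, following the rules of slide 9."""
    if isinstance(M, Var):
        return ("is_tm", M.name) in ctx                      # tmv
    if isinstance(M, Lam):
        return is_tm(ctx + (("is_tm", M.x),), M.body)        # tml
    if isinstance(M, App):
        return is_tm(ctx, M.fn) and is_tm(ctx, M.arg)        # tma
    if isinstance(M, TLam):
        return is_tm(ctx + (("is_tp", M.alpha),), M.body)    # tmtl
    if isinstance(M, TApp):
        # tmta: the right premise only needs type declarations, so it is
        # checked in the strengthened context rm*_{is_tm x}(Φαx) (slide 14).
        return is_tm(ctx, M.fn) and is_tp(rm_is_tm(ctx), M.ty)
    raise TypeError(f"not a term: {M!r}")

# Constructed sample terms (not from the slides).
POLY_ID = TLam("a", Lam("x", Var("x")))               # tlam a. lam x. x, closed
OPEN    = Lam("x", App(Var("x"), Var("y")))           # lam x. app x y, y free
INST    = TApp(POLY_ID, Arr(TVar("b"), TVar("b")))    # tapp (tlam a. lam x. x) (arr b b)

def demo() -> dict:
    """Closed objects are derivable in '·'; open ones need assumptions."""
    return {
        "poly_id_closed": is_tm((), POLY_ID),
        "open_in_empty": is_tm((), OPEN),
        "open_with_y": is_tm((("is_tm", "y"),), OPEN),
        "inst_in_empty": is_tm((), INST),
        "inst_with_b": is_tm((("is_tp", "b"),), INST),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```

The point of `demo` is the question raised on slide 6: the grammar cannot tell `OPEN` from `POLY_ID`, but the judgment can, and the extra assumption that makes `OPEN` well-formed is exactly the declaration that an explicit context has to record.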

SLIDE 15

Reasoning and Contexts

Rules for “declarative” equality for the untyped λcalculus:

$$S_{xd} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x$$

$$\frac{\mathsf{deq}\;x\;x \in \Phi_{xd}}{\Phi_{xd} \vdash \mathsf{deq}\;x\;x}\;\mathit{dev}
\qquad
\frac{\Phi_{xd}, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \vdash \mathsf{deq}\;M\;N}{\Phi_{xd} \vdash \mathsf{deq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N)}\;\mathit{del}
\qquad
\frac{\Phi_{xd} \vdash \mathsf{deq}\;M_1\;N_1 \qquad \Phi_{xd} \vdash \mathsf{deq}\;M_2\;N_2}{\Phi_{xd} \vdash \mathsf{deq}\;(\mathsf{app}\;M_1\;M_2)\;(\mathsf{app}\;N_1\;N_2)}\;\mathit{dea}$$

$$\frac{}{\Phi_{xd} \vdash \mathsf{deq}\;M\;M}\;\mathit{der}
\qquad
\frac{\Phi_{xd} \vdash \mathsf{deq}\;N\;M}{\Phi_{xd} \vdash \mathsf{deq}\;M\;N}\;\mathit{des}
\qquad
\frac{\Phi_{xd} \vdash \mathsf{deq}\;M\;L \qquad \Phi_{xd} \vdash \mathsf{deq}\;L\;N}{\Phi_{xd} \vdash \mathsf{deq}\;M\;N}\;\mathit{det}$$

Attempt (Completeness)

If $\Gamma_1 \vdash \mathsf{deq}\;M\;N$, then $\Gamma_2 \vdash \mathsf{aeq}\;M\;N$. This statement does not contain enough information about how the two contexts $\Gamma_1$ and $\Gamma_2$ are related.

SLIDE 16

Two Approaches

Attempt (Completeness)

If $\Gamma_1 \vdash \mathsf{deq}\;M\;N$, then $\Gamma_2 \vdash \mathsf{aeq}\;M\;N$.

1. Context relations approach (R). Assume that $\Gamma_1$ and $\Gamma_2$ satisfy the appropriate schemas, and then specify how they are related.

$$S_{xd} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \qquad S_{xa} ::= \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x$$

(This approach is used by Abella and Hybrid.)

2. Generalized context approach (G). Use a single context in the theorem that contains all assumptions in the relevant judgments.

$$S_{da} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x;\, \mathsf{aeq}\;x\;x$$

(This approach is used by Twelf and Beluga.)

SLIDE 17

Generalized Contexts

$$S_{da} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x;\, \mathsf{aeq}\;x\;x$$

Theorem (Completeness, G Version)

If $\Phi_{da} \vdash \mathsf{deq}\;M\;N$, then $\Phi_{da} \vdash \mathsf{aeq}\;M\;N$.

Proof of lambda case:

$$\frac{\Gamma, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \vdash \mathsf{deq}\;M\;N}{\Gamma \vdash \mathsf{deq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N)}\;\mathit{del}$$

$$\begin{array}{ll}
\Phi_{da} \vdash \mathsf{deq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N) & \text{by assumption} \\
\Phi_{da}, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \vdash \mathsf{deq}\;M\;N & \text{by } \mathit{del} \\
\Phi_{da}, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x;\, \mathsf{aeq}\;x\;x \vdash \mathsf{deq}\;M\;N & \text{by } \mathit{d\text{-}wk} \\
\Phi_{da}, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x;\, \mathsf{aeq}\;x\;x \vdash \mathsf{aeq}\;M\;N & \text{by i.h.} \\
\Phi_{da}, \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x \vdash \mathsf{aeq}\;M\;N & \text{by } \mathit{d\text{-}str} \\
\Phi_{da} \vdash \mathsf{aeq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N) & \text{by } \mathit{ael}
\end{array}$$

SLIDE 18

Context Relations

$$S_{xd} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \qquad S_{xa} ::= \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x$$

Theorem (Completeness, R Version)

Assume $\Phi_{xd} \sim \Phi_{xa}$. If $\Phi_{xd} \vdash \mathsf{deq}\;M\;N$, then $\Phi_{xa} \vdash \mathsf{aeq}\;M\;N$.

1. We can define $\Phi_{xd} \sim \Phi_{xa}$ using $\mathit{rm}^*$. Recall:

$$S_{da} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x;\, \mathsf{aeq}\;x\;x$$

$\Phi_{xd} \sim \Phi_{xa}$ iff there is a $\Phi_{da}$ satisfying $S_{da}$ such that $\Phi_{xd} = \mathit{rm}^*_{\mathsf{aeq}\;x\;x}(\Phi_{da})$ and $\Phi_{xa} = \mathit{rm}^*_{\mathsf{deq}\;x\;x}(\Phi_{da})$.

2. Alternatively, we can define this relation inductively:

$$\frac{}{\cdot \sim \cdot}
\qquad
\frac{\Phi_{xd} \sim \Phi_{xa}}{\Phi_{xd}, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \;\sim\; \Phi_{xa}, \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x}$$
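The following Python program is an added worked example (not code from the talk, the paper or ORBI) of the machinery of slides 8 through 13 and of the two definitions of $\sim$ above. Atoms, blocks and contexts are plain tuples; a schema is a tuple of alternative block shapes whose argument names act as pattern variables. It implements $\mathit{rm}_A$, $\mathit{rm}^*_A$, $\mathit{perm}_\pi$, $\mathit{perm}^*_\pi$, schema satisfaction, and both the $\mathit{rm}^*$-based and the inductive definition of $\Phi_{xd} \sim \Phi_{xa}$, so the two can be checked against each other. The representation, function names and sample contexts are assumptions of this example; $\mathit{rm}_A$ is keyed on the predicate symbol of the atom, which is all the slides' instances need.

```python
# Atoms, blocks (declarations) and contexts as tuples (assumed representation):
#   atom     ("is_tm", "x") or ("aeq", "x", "x")   -- predicate symbol first
#   block    (atom, atom, ...)                      -- the ';'-separated declaration D
#   context  (block, block, ...)                    -- the ','-separated Γ, left to right
# A schema is a tuple of alternative block shapes; argument names in a shape
# are pattern variables, e.g. (("is_tm", "x"), ("aeq", "x", "x")).

S_AX = ((("is_tp", "α"),), (("is_tm", "x"),))                       # Sαx
S_XA = ((("is_tm", "x"), ("aeq", "x", "x")),)                        # Sxa
S_XD = ((("is_tm", "x"), ("deq", "x", "x")),)                        # Sxd
S_DA = ((("is_tm", "x"), ("deq", "x", "x"), ("aeq", "x", "x")),)     # Sda

def matches(block, shape) -> bool:
    """Does one declaration have the given shape?  Pattern variables must be
    bound consistently, so (is_tm x; aeq y y) does not match Sxa."""
    if len(block) != len(shape):
        return False
    env = {}
    for atom, pat in zip(block, shape):
        if len(atom) != len(pat) or atom[0] != pat[0]:
            return False
        for arg, var in zip(atom[1:], pat[1:]):
            if env.setdefault(var, arg) != arg:
                return False
    return True

def satisfies(ctx, schema) -> bool:
    """Γ satisfies S when every declaration matches one of S's alternatives."""
    return all(any(matches(d, shape) for shape in schema) for d in ctx)

def rm(block, pred):
    """rm_A on a declaration: remove the atom(s) with predicate symbol `pred`;
    an empty result is the empty declaration '·'."""
    return tuple(a for a in block if a[0] != pred)

def rm_star(ctx, pred):
    """rm*_A on a context: rm on every declaration, dropping those that became
    '·' (so rm*_{is_tm x} on a Φαx context removes whole declarations)."""
    return tuple(d for d in (rm(b, pred) for b in ctx) if d)

def perm(block, pi):
    """perm_π on a declaration: reorder its atoms by the index permutation π."""
    assert sorted(pi) == list(range(len(block))), "π must be a permutation"
    return tuple(block[i] for i in pi)

def perm_star(ctx, pi):
    """perm*_π: apply π to every declaration of matching size, others unchanged."""
    return tuple(perm(b, pi) if len(b) == len(pi) else b for b in ctx)

def related_via_rm(phi_xd, phi_xa) -> bool:
    """Φxd ∼ Φxa by the rm* definition: some Φda satisfying Sda has
    rm*_{aeq x x}(Φda) = Φxd and rm*_{deq x x}(Φda) = Φxa.  No Sda block
    vanishes under either rm*, so the only candidate Φda is obtained by
    merging the contexts blockwise; build it and check both equations."""
    if len(phi_xd) != len(phi_xa):
        return False
    phi_da = tuple(d + a[1:] for d, a in zip(phi_xd, phi_xa))  # is_tm x; deq x x; aeq x x
    return (satisfies(phi_da, S_DA)
            and rm_star(phi_da, "aeq") == phi_xd
            and rm_star(phi_da, "deq") == phi_xa)

def related_inductively(phi_xd, phi_xa) -> bool:
    """Φxd ∼ Φxa by the inductive definition: · ∼ ·, and extending both sides
    with (is_tm x; deq x x) and (is_tm x; aeq x x) for the same x preserves ∼."""
    if not phi_xd and not phi_xa:
        return True
    if not phi_xd or not phi_xa:
        return False
    d, a = phi_xd[-1], phi_xa[-1]
    return (matches(d, S_XD[0]) and matches(a, S_XA[0]) and d[0] == a[0]
            and related_inductively(phi_xd[:-1], phi_xa[:-1]))

# Constructed sample contexts (not from the slides).
PHI_DA = ((("is_tm", "x"), ("deq", "x", "x"), ("aeq", "x", "x")),
          (("is_tm", "y"), ("deq", "y", "y"), ("aeq", "y", "y")))
PHI_XD = rm_star(PHI_DA, "aeq")      # c-str step: Φxd = rm*_{aeq x x}(Φda)
PHI_XA = rm_star(PHI_DA, "deq")      # c-str step: Φxa = rm*_{deq x x}(Φda)
PHI_AX = ((("is_tp", "a"),), (("is_tm", "x"),))

if __name__ == "__main__":
    print("Φxd =", PHI_XD)
    print("rm*_{is_tm x}(Φαx) =", rm_star(PHI_AX, "is_tm"))
    print("Φxd ∼ Φxa (rm*):", related_via_rm(PHI_XD, PHI_XA))
    print("Φxd ∼ Φxa (inductive):", related_inductively(PHI_XD, PHI_XA))
```

`PHI_XA` computed from `PHI_DA` is also the context that the c-str step of the promotion proof on slide 21 produces, and `PHI_DA` is what c-wk gets back.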

SLIDE 19

Context Relations: Lambda Case Revisited

Theorem (Completeness, R Version)

Assume $\Phi_{xd} \sim \Phi_{xa}$. If $\Phi_{xd} \vdash \mathsf{deq}\;M\;N$, then $\Phi_{xa} \vdash \mathsf{aeq}\;M\;N$.

Proof of lambda case:

$$\frac{\Gamma, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \vdash \mathsf{deq}\;M\;N}{\Gamma \vdash \mathsf{deq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N)}\;\mathit{del}$$

$$\begin{array}{ll}
\Phi_{xd} \vdash \mathsf{deq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N) & \text{by assumption} \\
\Phi_{xd}, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \vdash \mathsf{deq}\;M\;N & \text{by } \mathit{del} \\
\Phi_{xd}, \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x \;\sim\; \Phi_{xa}, \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x & \text{by def. of } \sim \\
\Phi_{xa}, \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x \vdash \mathsf{aeq}\;M\;N & \text{by i.h.} \\
\Phi_{xa} \vdash \mathsf{aeq}\;(\mathsf{lam}\;x.\,M)\;(\mathsf{lam}\;x.\,N) & \text{by } \mathit{ael}
\end{array}$$

SLIDE 20

Promotion

$$S_{xa} ::= \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x \qquad S_{da} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x;\, \mathsf{aeq}\;x\;x$$

Proving completeness involves proving admissibility of reflexivity, symmetry, and transitivity. We consider the G version of reflexivity.

Lemma (Admissibility of Reflexivity, G Version)

If $\Phi_{xa} \vdash \mathsf{is\_tm}\;M$ then $\Phi_{xa} \vdash \mathsf{aeq}\;M\;M$.

Before using this lemma in the proof of completeness of algorithmic equality with respect to declarative equality, we must first “promote” it to the larger context used in that theorem.

Lemma (Promotion, G Version)

If $\Phi_{da} \vdash \mathsf{is\_tm}\;M$ then $\Phi_{da} \vdash \mathsf{aeq}\;M\;M$.


SLIDE 21

Proving Promotion

$$S_{xa} ::= \mathsf{is\_tm}\;x;\, \mathsf{aeq}\;x\;x \qquad S_{da} ::= \mathsf{is\_tm}\;x;\, \mathsf{deq}\;x\;x;\, \mathsf{aeq}\;x\;x$$

Lemma (Promotion, G Version)

If $\Phi_{da} \vdash \mathsf{is\_tm}\;M$ then $\Phi_{da} \vdash \mathsf{aeq}\;M\;M$.

Proof (with $\Phi_{xa} = \mathit{rm}^*_{\mathsf{deq}\;x\;x}(\Phi_{da})$):

$$\begin{array}{ll}
\Phi_{da} \vdash \mathsf{is\_tm}\;M & \text{by assumption} \\
\Phi_{xa} \vdash \mathsf{is\_tm}\;M & \text{by } \mathit{c\text{-}str} \\
\Phi_{xa} \vdash \mathsf{aeq}\;M\;M & \text{by previous lemma} \\
\Phi_{da} \vdash \mathsf{aeq}\;M\;M & \text{by } \mathit{c\text{-}wk}
\end{array}$$

In general, proofs of promotion for G versions of theorems require a combination of strengthening and weakening on contexts. R versions of promotion involve strengthening and/or weakening of one or both sides of a context relation.

SLIDE 22

Current and Future Work (1)

What started as work on comparing HOAS systems is bearing additional fruit.

Translating theorems and proofs between systems
◮ A possible unification of how contexts are mechanized in type theory and proof theory tools
◮ Formally relating G and R versions will likely be an important step.

Designing ORBI (Open challenge problem Repository for systems supporting reasoning with BInders)
◮ A common intermediate language for benchmark sharing that uses a Beluga-like syntax enriched with directives so that the ORBI2X tools will compile it into legal Twelf/Beluga, Abella/Hybrid, etc.

SLIDE 23

Current and Future Work (2)

Tool support
◮ Many common lemmas, such as structural rules and promotion lemmas. Wouldn't it be nice to have your logical framework support this?
◮ A tool for parsing and translating ORBI syntax to the Coq version of Hybrid is under development. It is designed to be easily adapted to output Abella scripts. [Habli & Felty, PXTP 2013]

SLIDE 24

References

Felty, Momigliano, & Pientka, The Next 700 Challenge Problems for Reasoning with Higher-Order Abstract Syntax Representations, 2014

◮ Part 1—A Foundational View
  ⋆ theory of contexts of assumptions (this talk)
  ⋆ benchmark problems
  ⋆ ORBI 0.1
◮ Part 2—A Survey
  ⋆ benchmark problems applied to Twelf, Beluga, Hybrid, and Abella
  ⋆ comparison and discussion

Open challenge problem Repository for systems reasoning with BInders: https://github.com/pientka/ORBI/